Password mask in container leaf

vasubabu · November 3, 2023, 6:45am

Hi,

I am trying like

container proxy {
130                     tailf:cli-flatten-container
131                     tailf:cli-add-mode;
132                     leaf proxy-server {
133                         type oc-inet:url;
134                         description
135                             "Specifies the web proxy server endpoint for the device.";
136                             //Examples: http://192.168.10.20:3128, https://myproxy.com:3128
137                     }
138
139                     leaf proxy-username {
140                         type string;
141                         description
142                             "Specifies the username for web proxy server credentials.";
143
144                     }
145
146                     leaf proxy-password {
147                         type string;
148                         description
149                             "Specifies the password for web proxy server credentials.";
150                     }
151                 }

It’s not taking mased password

mvf · November 7, 2023, 4:09pm

Can you explain what behavior you expect?

vasubabu · November 8, 2023, 3:52am

 leaf proxy-server {
                    type oc-inet:url;
                    description
                        "Specifies the web proxy server endpoint for the device.";
                        //Examples:  https://myproxy.com:123
                    default none;

                }

                leaf proxy-username {
                    type string;
                    description
                        "Specifies the username for web proxy server credentials.";
                    tailf:cli-only-in-autowizard;
                    default none;
                     tailf:display-when '(../sys-lic-install:proxy-server != "none")';
                }

                leaf proxy-password {
                    type string;
                    description
                        "Specifies the password for web proxy server credentials.";
                    tailf:suppress-echo true;
                    tailf:display-when '(../sys-lic-install:proxy-server != "none")';
                    tailf:cli-only-in-autowizard;
                }

proxy-server should configured “HTTP://1.2.3.4:123”
Need auto wizard for username
Need auto wizard of password. it should be masked like “*****”

mvf · November 8, 2023, 8:47am

As far as I can tell, this behaves pretty much according to specification:

box(config-proxy-config)# proxy-server http://myproxy.com:123 proxy-username ?
Possible completions:
  <cr>
box(config-proxy-config)# proxy-server http://myproxy.com:123 proxy-username 
(<string>) (none): proxyuser
box(config-proxy-config)# proxy-password ?
Possible completions:
  <cr>
box(config-proxy-config)# proxy-password 
(<string>): *******
box(config-proxy-config)#

Is this not what you see? You may also want to use different type for password, the type string means that the password is stored (and showed) in cleartext; alternatives are digest types such as crypt-hash from iana-crypt-hash or one of symmetric encryption types from tailf-common.

vasubabu · November 8, 2023, 10:39am

box(config-proxy-config)# proxy-server http://myproxy.com:123 proxy-username ?
Possible completions:

box(config-proxy-config)# proxy-server http://myproxy.com:123 proxy-username
() (none): proxyuser

After this, it is supposed to be incomplete and proxy-password promote wizard should popup

mvf · November 9, 2023, 3:38pm

The autowizard is automatically triggered only when you create a new list instance and its data model contains mandatory leaves. Your leaves are not mandatory and it looks to me you would have to change your data model a little bit before you can make them mandatory. And even then, there is that condition about list instance; if you really need automatic autowizard, you can work around this condition by using max-elements 1 list.

vasubabu · December 21, 2023, 12:14pm

//Examples: http://192.168.10.20:3128, https://myproxy.com:3128

I want to add a pattern for these above strings proxy-server Can you help me?

I tried

pattern ‘((https?|http)://(((\b(?:\d{1,3}.){3}\d{1,3}\b)|([([a-fA-F0-9:]+)])|([a-zA-Z0-9_-]+(.[a-zA-Z0-9_-]+)+)):\d{1,5})(/[^\s]*)?)’;

landed at compilation issue

mvf · December 22, 2023, 9:21am

A valid YANG pattern that seems to capture your intent is

pattern 'https?://((\d{1,3}[.]){3}\d{1,3}|[a-fA-F0-9:]+|[a-zA-Z0-9_-]+([.][a-zA-Z0-9_-]+)+):\d{1,5}(/[^\s]*)?';

I removed few redundancies (some parentheses and the http part are not needed) and fixed some issues. But note that even that is a bit too simplistic and does not eliminate many invalid URLs, you still need to validate it in your code (in a “standard” validation callback or via a custom type). Doing full URL check via a regex pattern is generally possible, but the result would be a real mess.

(Please, next time open a new topic, there is no reason this question is under unrelated “Password mask in container leaf”.)